Lucene search
+L

966 matches found

vulnrichment
vulnrichment
added 2026/04/09 6:47 p.m.3 views

CVE-2026-34983 Wasmtime has a use-after-free bug after cloning `wasmtime::Linker`

Wasmtime is a runtime for WebAssembly. In 43.0.0, cloning a wasmtime::Linker is unsound and can result in use-after-free bugs. This bug is not controllable by guest Wasm programs. It can only be triggered by a specific sequence of embedder API calls made by the host. Specifically, the following...

1CVSS5.8AI score0.00117EPSS
Exploits0References1
cvelist
cvelist
added 2026/04/09 6:47 p.m.19 views

CVE-2026-34983 Wasmtime has a use-after-free bug after cloning `wasmtime::Linker`

Wasmtime is a runtime for WebAssembly. In 43.0.0, cloning a wasmtime::Linker is unsound and can result in use-after-free bugs. This bug is not controllable by guest Wasm programs. It can only be triggered by a specific sequence of embedder API calls made by the host. Specifically, the following...

1CVSS0.00117EPSS
Exploits0References1
osv
osv
added 2026/04/09 6:47 p.m.6 views

CVE-2026-34983 Wasmtime has a use-after-free bug after cloning `wasmtime::Linker`

Wasmtime is a runtime for WebAssembly. In 43.0.0, cloning a wasmtime::Linker is unsound and can result in use-after-free bugs. This bug is not controllable by guest Wasm programs. It can only be triggered by a specific sequence of embedder API calls made by the host. Specifically, the following...

1CVSS5.9AI score0.00117EPSS
Exploits0References3
cve
cve
added 2026/04/09 6:47 p.m.30 views

CVE-2026-34983

Wasmtime 43.0.0 contains a use-after-free bug when cloning wasmtime::Linker, triggered by a specific host embedder API sequence (clone, drop original, use cloned linker). The issue is not controllable by guest Wasm programs and can manifest as a segfault; it does not enable heap corruption or dat...

5CVSS5.9AI score0.00117EPSS
Exploits0References1Affected Software1
attackerkb
attackerkb
added 2026/04/09 6:47 p.m.8 views

CVE-2026-34983

Wasmtime is a runtime for WebAssembly. In 43.0.0, cloning a wasmtime::Linker is unsound and can result in use-after-free bugs. This bug is not controllable by guest Wasm programs. It can only be triggered by a specific sequence of embedder API calls made by the host. Specifically, the following...

1CVSS5.9AI score0.00117EPSS
Exploits0References2Affected Software1
rustsec
rustsec
added 2026/04/09 12:0 p.m.7 views

Use-after-free bug after cloning `wasmtime::Linker`

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-hfr4-7c6c-48w2 For more information see the GitHub-hosted security advisory...

5CVSS5.9AI score0.00117EPSS
Exploits0Affected Software1
cnnvd
cnnvd
added 2026/04/09 12:0 a.m.9 views

wasmtime 资源管理错误漏洞

Wasmtime is a lightweight WebAssembly runtime open source by the Bytecode Alliance. Version 43.0.0 of Wastime contains a resource management vulnerability. This vulnerability stems from a flaw in cloning wastim::Linker, which may lead to reuse after reclamation...

5CVSS5.8AI score0.00117EPSS
Exploits0References1
nessus
nessus
added 2026/04/09 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-34983

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Wasmtime is a runtime for WebAssembly. In 43.0.0, cloning a wasmtime::Linker is unsound and can result in use-after-free bugs. This bug is not controllable by...

5CVSS5.5AI score0.00117EPSS
Exploits0References4
redhat
redhat
added 2026/03/31 4:23 p.m.13 views

crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...

10CVSS6.5AI score0.00765EPSS
Exploits1References8
freebsd
freebsd
added 2026/03/31 12:0 a.m.12 views

Mbed TLS -- vulnerabilities

https://mbed-tls.readthedocs.io/en/latest/security-advisories/ reports: Client impersonation while resuming a TLS 1.3 session CVE-2026-34873 Entropy on Linux can fall back to /dev/urandom CVE-2026-34871 PSA random generator cloning CVE-2026-25835 Compiler-induced constant-time violations...

9.8CVSS5.9AI score0.00426EPSS
Exploits0References1
osv
osv
added 2026/03/30 5:40 p.m.4 views

GHSA-M983-V2FF-WQ65 LiveQuery protected field leak via shared mutable state across concurrent subscribers

Impact When multiple clients subscribe to the same class via LiveQuery, the event handlers process each subscriber concurrently using shared mutable objects. The sensitive data filter modifies these shared objects in-place, so when one subscriber's filter removes a protected field, subsequent...

8.2CVSS6AI score0.00367EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/03/30 12:0 a.m.7 views

PT-2026-29165

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.65 Parse Server versions prior to 9.7.0-alpha.9 Description Parse Server, an open source backend deployable on Node.js infrastructures, is affected by an issue where sensitive data can leak to unauthorized...

8.2CVSS5.9AI score0.00367EPSS
Exploits0References13
susecve
susecve
added 2026/03/28 6:19 p.m.8 views

SUSE CVE-2026-23399

In the Linux kernel, the following vulnerability has been resolved: nftables: nftdynset: fix possible stateful expression memleak in error path If cloning the second stateful expression in the element via GFPATOMIC fails, then the first stateful expression remains in place without being released...

4.7CVSS5.8AI score0.00121EPSS
Exploits0References16
redhatcve
redhatcve
added 2026/03/25 5:51 p.m.5 views

CVE-2026-23385

A flaw was found in the Linux kernel's netfilter nftables component. A local or privileged user could trigger a failing memory allocation during a set flush operation. This vulnerability, related to how nftables handles set cloning, can lead to a kernel warning WARN splat, potentially causing...

5.5CVSS5.7AI score0.00135EPSS
Exploits0References4
cnnvd
cnnvd
added 2026/03/22 12:0 a.m.9 views

WWBN AVideo 路径遍历漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained a path traversal vulnerability. This vulnerability stemmed from the deleteDump parameter in the cloneServer.json.php file being passed directly to the unlink...

8.1CVSS5.8AI score0.00505EPSS
Exploits1References2
redhat
redhat
added 2026/03/19 11:49 p.m.18 views

crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...

10CVSS6.5AI score0.00765EPSS
Exploits1References8
redhat
redhat
added 2026/03/18 10:44 a.m.7 views

crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...

10CVSS6.5AI score0.00765EPSS
Exploits1References8
github
github
added 2026/03/13 8:57 p.m.14 views

@google/clasp vulnerable to unsafe path traversal cloning or pulling a malicious script

Impact Allows an attacker to perform a "Path Traversal" attack to modify files outside the projects directory, potentially allowing for running attacker code on the developer's machine. Patches Fixed in version 3.2.0 Workarounds Only clone or pull scripts from trusted sources Review the output of...

8.8CVSS5.9AI score0.00465EPSS
Exploits1References6Affected Software1
nvd
nvd
added 2026/03/10 9:16 p.m.6 views

CVE-2025-66413

Git for Windows is the Windows port of Git. Prior to 2.53.02, it is possible to obtain a user's NTLM hash by tricking them into cloning from a malicious server. Since NTLM hashing is weak, it is possible for the attacker to brute-force the user's account name and password. This vulnerability is...

7.4CVSS0.00268EPSS
Exploits1References2
cvelist
cvelist
added 2026/03/10 8:34 p.m.38 views

CVE-2025-66413 Git for Windows leaks NTLM hash when cloning from an attacker-controlled server

Git for Windows is the Windows port of Git. Prior to 2.53.02, it is possible to obtain a user's NTLM hash by tricking them into cloning from a malicious server. Since NTLM hashing is weak, it is possible for the attacker to brute-force the user's account name and password. This vulnerability is...

7.4CVSS0.00268EPSS
Exploits1References2
Rows per page
Query Builder